bd7861fa6a9540331d7fb37f2c47b6e899846d0b85d67f957c5f9a6bc8434dd9

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 10:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

FreeNetflixDownload.exe
Size

85.3MB
MD5

960a8f4a6a5431c2ae1be8f0d430ed59
SHA1

c128aff05563329de4764444351666beec241f71
SHA256

bd7861fa6a9540331d7fb37f2c47b6e899846d0b85d67f957c5f9a6bc8434dd9
SHA512

e284b151fa1b045479951b35d23c69e8f04f8691cf6da9380c53fcbd1dd3eca4d52ffb54737a15e439c35364c9737390e3f76c7938f9e5281150d52e9e956f29
SSDEEP

1572864:Gb/nquQPHhw/tlHb4iubLG2+eWCCyRqVFg1tPUhZyPkLINpOH8E52dgxPvTno0Ow:GbnquQPHhaX74/G7Wty2WX52dgxP0qaA

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	FreeNetflixDownload.tmp

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-47KUC.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-FLF73.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\imageformats\is-LHAO0.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-3L370.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-OD69R.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-COVF2.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-E1B99.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-DDIEQ.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\mediaservice\is-HL66A.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\platforminputcontexts\is-IFELR.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\unins000.msg	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-R3G4F.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-P68TL.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-LA9F0.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-824S6.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\styles\is-H6HN8.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-05CSG.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-A56VH.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-AF02B.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\resources\is-6G5R0.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\resources\is-VKIK7.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-K8K2V.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-6MM99.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\audio\is-UF4PT.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\translations\qtwebengine_locales\is-0PBNN.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-ALOKF.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-LPC2M.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-59VJB.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-O388S.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-7LGO7.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-NSM2R.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\playlistformats\is-A9QAO.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-PSBF5.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-GLBS4.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-1M09I.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-SFPKI.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-RL3SU.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-12KL1.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-4D1I4.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-DRSHD.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-BG49O.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\position\is-K4UPK.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-C3E7P.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-EATTI.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-6URA4.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-HR71K.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\mediaservice\is-0KQD9.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-198G0.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\imageformats\is-QI3L3.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\position\is-5A533.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-3T6GC.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-P96Q9.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-3CP68.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\resources\is-E7867.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-6TFNL.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-2M57V.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-VPU2B.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-DS23O.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-OG6GQ.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-PIENL.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-HORO9.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\imageformats\is-PG8VD.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-PNHGC.tmp	FreeNetflixDownload.tmp
File created	C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\is-H6H41.tmp	FreeNetflixDownload.tmp

Executes dropped EXE 2 IoCs

pid	Process
1596	FreeNetflixDownload.tmp
3756	FreeNetflixDownload.exe

Loads dropped DLL 62 IoCs

pid	Process
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FreeNetflixDownload.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FreeNetflixDownload.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FreeNetflixDownload.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
2912	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{4F879B78-58FD-4827-A136-98E5C5048DCE}	FreeNetflixDownload.exe

Script User-Agent 2 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	37	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	15	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3756	FreeNetflixDownload.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
1936	msedge.exe
1936	msedge.exe
1684	msedge.exe
1684	msedge.exe
4136	identity_helper.exe
4136	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3756	FreeNetflixDownload.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2912	taskkill.exe
Token: SeDebugPrivilege	3756	FreeNetflixDownload.exe
Token: SeLoadDriverPrivilege	3756	FreeNetflixDownload.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
1596	FreeNetflixDownload.tmp
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
1684	msedge.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe
3756	FreeNetflixDownload.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3600 wrote to memory of 1596	3600	FreeNetflixDownload.exe	86
PID 3600 wrote to memory of 1596	3600	FreeNetflixDownload.exe	86
PID 3600 wrote to memory of 1596	3600	FreeNetflixDownload.exe	86
PID 1596 wrote to memory of 2912	1596	FreeNetflixDownload.tmp	92
PID 1596 wrote to memory of 2912	1596	FreeNetflixDownload.tmp	92
PID 1596 wrote to memory of 2912	1596	FreeNetflixDownload.tmp	92
PID 1596 wrote to memory of 3756	1596	FreeNetflixDownload.tmp	99
PID 1596 wrote to memory of 3756	1596	FreeNetflixDownload.tmp	99
PID 1596 wrote to memory of 3756	1596	FreeNetflixDownload.tmp	99
PID 1596 wrote to memory of 1684	1596	FreeNetflixDownload.tmp	100
PID 1596 wrote to memory of 1684	1596	FreeNetflixDownload.tmp	100
PID 1684 wrote to memory of 3200	1684	msedge.exe	101
PID 1684 wrote to memory of 3200	1684	msedge.exe	101
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 4324	1684	msedge.exe	103
PID 1684 wrote to memory of 1936	1684	msedge.exe	104
PID 1684 wrote to memory of 1936	1684	msedge.exe	104
PID 1684 wrote to memory of 3060	1684	msedge.exe	105
PID 1684 wrote to memory of 3060	1684	msedge.exe	105
PID 1684 wrote to memory of 3060	1684	msedge.exe	105
PID 1684 wrote to memory of 3060	1684	msedge.exe	105
PID 1684 wrote to memory of 3060	1684	msedge.exe	105
PID 1684 wrote to memory of 3060	1684	msedge.exe	105
PID 1684 wrote to memory of 3060	1684	msedge.exe	105
PID 1684 wrote to memory of 3060	1684	msedge.exe	105
PID 1684 wrote to memory of 3060	1684	msedge.exe	105

C:\Users\Admin\AppData\Local\Temp\FreeNetflixDownload.exe
"C:\Users\Admin\AppData\Local\Temp\FreeNetflixDownload.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3600
- C:\Users\Admin\AppData\Local\Temp\is-267HR.tmp\FreeNetflixDownload.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-267HR.tmp\FreeNetflixDownload.tmp" /SL5="$802AC,88484358,886784,C:\Users\Admin\AppData\Local\Temp\FreeNetflixDownload.exe"
  2⤵
  - Checks computer location settings
  - Drops file in Program Files directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1596
- - C:\Windows\SysWOW64\taskkill.exe
    "C:\Windows\System32\taskkill.exe" /im FreeNetflixDownload.exe /f
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2912
- - C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\FreeNetflixDownload.exe
    "C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\FreeNetflixDownload.exe"
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:3756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://freegrabapp.com/install/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1684
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9677146f8,0x7ff967714708,0x7ff967714718
      4⤵
      PID:3200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,3882651062111971083,10163109435452970179,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
      4⤵
      PID:4324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,3882651062111971083,10163109435452970179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,3882651062111971083,10163109435452970179,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
      4⤵
      PID:3060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3882651062111971083,10163109435452970179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
      4⤵
      PID:2640
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3882651062111971083,10163109435452970179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
      4⤵
      PID:2812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3882651062111971083,10163109435452970179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
      4⤵
      PID:2572
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,3882651062111971083,10163109435452970179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
      4⤵
      PID:3688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,3882651062111971083,10163109435452970179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3882651062111971083,10163109435452970179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
      4⤵
      PID:1520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3882651062111971083,10163109435452970179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
      4⤵
      PID:3960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3882651062111971083,10163109435452970179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
      4⤵
      PID:4528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3882651062111971083,10163109435452970179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
      4⤵
      PID:3324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\Decrypsis.dll

Filesize
13.7MB

MD5
d482e173ca0142d2a61e11ee8b901f8d

SHA1
a001ad85005bb41da807fe94a538847390ed5d71

SHA256
c93825c0ce044f3a526d4c95b22100aa3e39e4ac8337dabb47c9645a2c82cfb4

SHA512
6bf9f88dce1b9bdebc95f7d412a5aa8b64a32b807f4f82613c3d0e926d856ea523563aab74664b4c5ea75690d9b7eb6e5a75b51bb609cdc926d61886023f5c19

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\FreeNetflixDownload.exe

Filesize
16.2MB

MD5
046597c28dddd2defafc1d2a2ae97b86

SHA1
b42eadea2126fc8f4debb301752c3d2e5ae43749

SHA256
0c2e0b901c61768f77a3e2f10a4279b94a03574d78f2f4f5a31fd634ad19fa66

SHA512
0fdd9e11ae4c8a1c93318c3b5dbc923a2273aa71a7c94342dbef6c44ab5d8d29b9a5556930362051c66da96af141da4a4ec0bb9f08b78d104e2fdfa022e65834

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\Qt5Core.dll

Filesize
5.2MB

MD5
4c404921afb7b7c6fe56808cf9d6ae34

SHA1
06d5138a2a359129baf99ef884f6ef2b22b1cc2e

SHA256
dbcbb20a94b0efcc9ebe3550d29f2d65780e0988a228fb21be37178d25457194

SHA512
481cddccc2a4782b287911f426bf0c9f518209f8054be0f27b3e1c51e019b2825c219d25df3f036eefb6aeee578376544c87840d4940bb92854694335d2c6c5a

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\Qt5Gui.dll

Filesize
5.4MB

MD5
44c4d0872f63dc173520a8dc8fd7ecc4

SHA1
dd61f52f6c491b23fab5f2e2ec5583cb92eb1e8e

SHA256
5385e26e536390633c4eb40b94058e202c049a075b1f89ccdebb98ed11d61ec0

SHA512
f573dcb05121795614ff725fba05dc543806b37140caab716b0af57202b9e6b89b9914a30086dd282f583931cf60eab3c9d89fc69e570f575faf3199d2ee24a4

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\Qt5Multimedia.dll

Filesize
591KB

MD5
8a4cda375100c65d594350b4447ef1c0

SHA1
2e2f31ce37c423aed39a5aec18de75f4a57f00f9

SHA256
e0fe80ded4d08008b45e27944995bf966eede1dc32fc31dec36c34daeb24edc2

SHA512
3c2770aef9cc6f9bdb81a67daa0d3f48e28e146c569e00e353750db76758e0e5188e5f8dfda0375b4cbb1b16f2a9e0f9a9fc9a83e49b57f7b4bcb759810dc130

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\Qt5Network.dll

Filesize
1.0MB

MD5
a0cae95997458fe2b7af7a4a2c923aca

SHA1
f532f7418d4a51c80369f2c6bbbf99e91f3a6756

SHA256
aef5e0179f89cde8df83311675224ede474e6870ae8bd1c42e18a0be8090bf70

SHA512
628c5e3274ca6b804ecf1aa20f819fbc33e561c49d8c954c2d50207ce185e1421c841b02bc75daa0b18a92224ebacbc639004df9ba8d114e94e552ea58999553

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\Qt5PrintSupport.dll

Filesize
266KB

MD5
3cc8c9488bc09ddc0d9c49d79a282b99

SHA1
dc4270b719d1b3302457d06c55532c596c00ea17

SHA256
508bc8f854b33d454c8c19775fb8e2936049be5cc9a6d446761fbd79ee72c857

SHA512
a321ea0af7277b6f0fc471d9928ca31a509514d200243b0e9e9a71952b1506e55200c4be65e21c3fb15b7bbb8e52cd76bd88d79bc78e9ea859d5243592ea1e56

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\Qt5Quick.dll

Filesize
3.4MB

MD5
c61574e59e959e0c8e27ff6fe584df26

SHA1
15810bb4f5c509a9064f2858ba99c7619fdcea24

SHA256
0d20318dbbb32cc6971b99d353422c618d151d3b224a9b6d4aade1dc48176b0a

SHA512
2ea2c5c416071fcf94cd59bf8d8fabcf4c23e7750a39e1b64021b3f84996364d55c52efe5db938c749ac20b118818437f2f0a25f3b272eb62d6e00cb0bdf4fda

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\Qt5QuickWidgets.dll

Filesize
72KB

MD5
ec00cd28121dea772cab5905527cfd1d

SHA1
e197d65d4bb3be588e83086e70c62bbd7cee3d8f

SHA256
ca2a1779c36ffe331989049de93c050221aa4638732087f127416ebecdd9828e

SHA512
4ed8817be47ebbe0ad9c21fc829e25f840bc097bfa269cbbffd10f17a3f0826e602e7d79fdce631b009c0c7666cb0ce375c32ec4e00cb5cabfe437e3ef99300b

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\Qt5WebEngineWidgets.dll

Filesize
203KB

MD5
1a0715cae37af078dfb30890fe66d551

SHA1
487c7dd0cff965a7a4619865b6dd55209ae83d75

SHA256
01a8f555bea31745f4aed65c94e3db7a0d440b148d677cd5903d6ec980e10a12

SHA512
f03d221257e9f056231646cbc9377f0466a131d2e5bf590bf165687f6994ef9b808d42783e80a1840b2cc4e12b69652337a6e841a9f5cb98c44b06455f2a6517

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\Qt5Widgets.dll

Filesize
4.3MB

MD5
eb76aa274b687ef52cf0fd869563a2ac

SHA1
a5a01be5b13bf05e6aeb086b27ada9093271dbe0

SHA256
1c6e767a88282bb2a1ac910e92247d4b6d1b02e05462ba3fc7e093d75a665d3a

SHA512
4badf516254b236723b77d3b095f84fae9975eecfd320148a13e47614fb5e332afaddafe1a40a0152838a427f68482c214281b277d5dae4053a2a9b3a382b682

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\avcodec-58.dll

Filesize
17.7MB

MD5
1252ede13ca1fe23c15a12fdbb2c4f53

SHA1
f068c055413e480caa5c84fcf23e38fee0b66733

SHA256
a2ec43d1f8e3e5e8c24fb461411e5c46ab48ec9dd8929e724e0780977e9016bf

SHA512
15545aff541e51bf9dd8b965c0b91e67964ff984859f9bd262a873e863b0b2d46c4bd34571e02ecf38da3a7d4f1bc1d5dfaf18f427cb4b4a854fa39591e36082

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\avfilter-7.dll

Filesize
610KB

MD5
0f07068b06638fe1a443d1288cf563af

SHA1
93c97bf63c906f3dfbb11172dcfab44511ecba07

SHA256
69f2c35febec98f97ef6c867a02ea451a3780b8b4d3d1cff8dbd3f7dc2a1ec7b

SHA512
7ca890722acb6571d1ccfa447c4751f0cbfb5772beaf8651ab819ad58ae3c5c48ad8a6aa9f4ba084ec9826a97434133db532b31aa57a04c3db670bfccb0caf23

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\avformat-58.dll

Filesize
3.4MB

MD5
95a802853dc5fff77deeda2885bbdbc1

SHA1
6307542762b86221eb6a801fdd9f9c6049c4acfc

SHA256
608713aba4f999c367df3d21a11df706c2e294ced644189ceb2129179632492e

SHA512
55a921d78e2c3e093f0b801516aa7f952dfe408963bc599a197f87381a2809950bd53b6b6e10679297c8826755c540b2bf4bef5287ab2da6efd52615fdc49d05

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\avutil-56.dll

Filesize
1.4MB

MD5
cbaa33cb217f9a1a98c0855e74f11ffa

SHA1
820c76ed09abb5b18c6e3c2a582fee25abcd9030

SHA256
e0f79d040259dd5217ed5a067bdb06d13be2a131e602a359ddd63a82eaa45d2a

SHA512
3ec57a36a4dad90321a41ef1f7b79e2bd53978b0e6c3e312405847978d9700cce92e686548d3db073eef991f6cadbf4d69c53e1e65b18864e2ed32aad5bfb6db

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\gif.dll

Filesize
39KB

MD5
46ed521a45f5ea9b68b6c284191e1d1d

SHA1
c90bbc71506fe6c2af06f8d17affccc411928601

SHA256
db5041651fa9851484a805f9619961dfec59ab3db379da45cfc74ce5c31fcb66

SHA512
7c29448ee7bb1743ac8baa3b67fd172d7390d265819360ed55afb5c6fccf57b784bda8df64508ead9f3a3a10be765653c6d6e9e4ac268a1979248200b47a869a

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\jpeg62.dll

Filesize
550KB

MD5
d1407b6fb08ce2f19d37040251b119e2

SHA1
da12ca50c755c9f505e7bfca6695861764a3f54b

SHA256
20fa7bdb160809e679e20f34bb6d87d94c5efcab1bcb2e5dcf3eaaf14073d34f

SHA512
cb41438d0eeebedd742fcfed7f465e3082daefed15a684ada254dc6a4ad169cf7c52e30011f92d1c890675f7224d81e86add891894af58f0b79bd3f3306ba660

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\leptonica-1.83.1.dll

Filesize
2.1MB

MD5
d1932ce4b58126deb755e3f9e29f00b1

SHA1
1d19e84bce5d2a8b1701795d7add742e56321c63

SHA256
886f074094e48b10334ec00b6325815cdfa8af5bd6eecc32a354d892687bea4b

SHA512
4d462dee39c76e38b93a5725e8c841ddf4f21d5afa65c0e5c9485cdf124dbd3264cf13fe1caabfc72ebe734f06ea6caf9623e397f50d3890ddc43737264b12ce

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\libcrypto-3.dll

Filesize
2.7MB

MD5
8064620c0bb69f432f22771f9b1cbd76

SHA1
7297b6980925fa17fbd3fc1f6bdf759fa13b4399

SHA256
f2061c44fa57093751a1e0ae3a3c177be80427d9f81573543eda651dab530aad

SHA512
952e19140cd715860f801fc3fa664d93129054be89c5d264ee235377b60b6e0e1d908f6632db6518ec27000b8cd039fe6ba20a180560e3c571bdd7034e5e63f1

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\libpng16.dll

Filesize
174KB

MD5
b8aa9798ea2545c18a96bb002d7ccc6e

SHA1
d86277cfb57b0a26e8b940ae6bd53bffde49bfef

SHA256
a590e46de424a5753e7c27856e0b58693e73fd06d1a252f9f0d3ecb9ef1a426a

SHA512
7407ff39b233d3ac1040da776634a8db43e48f39a71c11d186d2cbc0f71ae8902cdc7fe1533ed891aefb270e51c7d72fb8dc484fdbc9d469f01b1ed6405ee2b9

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\libx264-164.dll

Filesize
1.7MB

MD5
fafc3758d885e63b252b9f8595321d09

SHA1
dafa7b3358cc3ecd18b05cbe479cb766123dae77

SHA256
19de7bce17d0ddc195f82138a2ee83bc8932611293ce44f07401632b16ce79a8

SHA512
dc2db0921e3bd89c80b531eb1b33f6166dadc79732f530b4486cf385cf74577ab6e50ac15f0dbe3e0822b6934609484abee744564b0bf15ac0640108dbdbd2f5

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\msvcp140.dll

Filesize
437KB

MD5
dc739066c9d0ca961cba2f320cade28e

SHA1
81ed5f7861e748b90c7ae2d18da80d1409d1fa05

SHA256
74e9268a68118bb1ac5154f8f327887715960ccc37ba9dabbe31ecd82dcbaa55

SHA512
4eb181984d989156b8703fd8bb8963d7a5a3b7f981fe747c6992993b7a1395a21f45dbedf08c1483d523e772bdf41330753e1771243b53da36d2539c01171cf1

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\msvcp140_1.dll

Filesize
32KB

MD5
ca41f812e04bf186926c8e312ed86990

SHA1
06ad85c589487bb6a172c41164e404c152f58c1b

SHA256
037da271a83151debaa648a35cf5ce9ee9b8fedaa7e437bee1b44ece54ad9933

SHA512
796e43a7057ef7e0fc6863c221e43cec4e14c019e5ea2526ce4683f29702c25e7f478b1f27af59b21302de0e466483d1b846409f1e976d04c687f84b2c2ddabd

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\openjp2.dll

Filesize
316KB

MD5
31b0fa7e693012303838a69e7fadc129

SHA1
df93e87653c635d56728f62af150c73062cfb114

SHA256
64bf163d74c85c50dd318fd629032785ff3acde4302c1474ba7b3fdd6573fb89

SHA512
95dca0f836a6f37f878fb6175f6cb8425ec3645dcb3c5d4d74af0ec0d5dc42905d4e77eee02c861b0118d58aff5500875c9c158c6f2c7d0da7cd1545bb09b017

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\swresample-3.dll

Filesize
405KB

MD5
718cc3a33c95f066075380627c426ee5

SHA1
047f76d61bc3527dc925ab2aca41599430ed9182

SHA256
1b0feca0feeece0e5ad56c84e251ffb4c25ceb72cbc458df7e691ccbd53546c2

SHA512
9e989038c0a3929844388abefcadf20b5ff1aacee1c3256234c8b0f6b8d244139a154a349629de719595e3ea3516c937bd1421847bd0c18ffb3217f16712c5ca

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\swscale-5.dll

Filesize
877KB

MD5
808be41a90fab0193c663490d229ca9c

SHA1
f71d3ebb01d0895641fe5ba98ca64ba455b737d4

SHA256
db2ab2d3481b5809dc978ac10836b556b82868ac85e50d04a0dfc526b7f1aead

SHA512
cc8cd7db616fdf455eba4a36378090107eeed95f0e6b1e4a14c3feca18b170995b9f06454dea93dfb94058a0ab424bf2c7528f42aa3fd56c2c7b3e5702f6dada

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\tag.dll

Filesize
630KB

MD5
789f0fb1b57db8c72096b16291565aff

SHA1
8ed2e635abc67bf5687759c7b7ce731747f82c2d

SHA256
88294628ed7cdf874b13bbae9679ebc305fe4e275db3bc8bc34827d8ea847735

SHA512
8c1ce4d374f52af0855cefba80272332e95d1bdc4479dff159ef97cffdf62566083e275f087bf8e577de42e602dcf0f170627f6a3af8ec97dec4c1f52ca68afc

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\tesseract53.dll

Filesize
2.2MB

MD5
f90cf949621f5524796a38d9cc6f7164

SHA1
0aa1161ea4b9f9b2a314a4205e6d47d3071a8b68

SHA256
3e40d1b17bc591d2746b6049505e54f3fccc56ea96275413a87af502944410a8

SHA512
fcb5f7ad9f625c6e2c17ae424bf02d64ed5727f767a6c68a555ce33cb83fa2fe4699d54a44ccef7fbd78d040707b8011114662d996ace6d10434acddd31f472c

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\tiff.dll

Filesize
413KB

MD5
e1a1bb65675100876bf885d8769ccc2e

SHA1
809e8073605d1a537678d51032d4c48b8967b8b5

SHA256
43a91638d8f9b9d23b0dda1e4b80a3ccc5e1dd63da68636f8ef829fa9fd12b7c

SHA512
f8bc6b448eecd70b4eb2da136fd432d62538e178c5534dfc50c1a0ec84909c29af3ebf33ba8716aa88880f40a66658689d007300c08bb5cc564ee1d7a158a7a5

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\vcruntime140.dll

Filesize
88KB

MD5
1d4ff3cf64ab08c66ae9a4013c89a3ac

SHA1
f9ee15d0e9b0b7e04ff4c8a5de5afcffe8b2527b

SHA256
65f620bc588d95fe2ed236d1602e49f89077b434c83102549eed137c7fdc7220

SHA512
65fbd68843280e933620c470e524fba993ab4c48ede4bc0917b4ebe25da0408d02daec3f5afcd44a3ff8aba676d2eff2dda3f354029d27932ef39c9fdea51c26

Download Submit
C:\Program Files (x86)\FreeGrabApp\Free Netflix Download\zlib1.dll

Filesize
88KB

MD5
e3d8fffc3fafc1f0b0f096134f599f3c

SHA1
29cbe9dfb4cdbaa5358aa2f0ba45954516dbbd8b

SHA256
c2b837b10533908f1f887205782d5671e628ae0cd4bbade3bed1a059ee056a32

SHA512
46c1998fd3945e183d0d1a5363189d6b4837602291d412dada925e168606ce96042dd08edeca4f01840a2621abfa71a8f00e4a306f34bc137c74c812a4aa9f2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
f336a8bca0792ae808fd7b698e4d8601

SHA1
89cdde91e9ae4b19e20b56a6135bba80f7aec9ce

SHA256
8832ed0fe6bf142a1aae62604fed5558971ac421577073d6a973391dab7f64c1

SHA512
516294cbb0aca0cdb456aa07d5f5d02ab1228a43a83d53369a486f303deea8b4d552e64dd9b52464f7906dfa6c0ecc4d4b2a385859e0136192ace4e7062b812b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9b3bb6c6d79fcedcb457850e517bf1a2

SHA1
f1681a9782f3272c1b1eaa304cd26863b3a9cc75

SHA256
6d539d5c30269f89b3bd110135700e62fa3ab483eac812936c836422a1abd6ba

SHA512
fba6ddd9f4a63574069a0d292ef0b561e255ddb6b9370a872e21c12c80c9bb923c27021658595a64089d34bd7c9d75e5f9ad14a01100903d83671fd9e454d6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a8273ba3658186ea72b7f66636f9cdb0

SHA1
261e94dc0073c3e8e18adc087170ffd8eaa2b4f5

SHA256
c7b4c50e46b3801dc8a5f1c6982b1c48cc15dfe73b55fc78e3d31703305c371e

SHA512
a5107772bb16f2f0da1a993e4a14789bb9767b3ffb2c79c23c23c8f0649ea9a5bf50d2366e9a8eb46c16fdac7fc278c7c0720d496e3768cf825537ada0f1308d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
128c8412af73c2a97025446f9669222e

SHA1
60b4d0fa2a64d5d355e9e044823315042b90118f

SHA256
2b76ee82320798fa6148ed7823eda2fe58a13569af0aedeee57edc79e9cd6658

SHA512
8749022eda11adea8ee23f08a679fec87076bda4d49ce470f09e68b5a18fc6ccc9f165f841ad05ba4b7d95b9460ee9f49021e303c1503a08b648fb21efa257de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fa64c84ae49098ebdaf25e914a2f737a

SHA1
be594d3f7cb86d790f502e4c227656bc7ed28d5e

SHA256
716ce599108044c6f37322a9f3835f5b861a41d204e13f078e25d43efd8bdeff

SHA512
e9d1e8b63cd9494ef16a603b3b0423e228755d5de18c175014aaf560e644a6114a51a582041d42489f3bccaaaaae97715c7647194613fc30f83da86ffaec3139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
3a954f0ebafd8e74a9723ad2b3eb176c

SHA1
676e32e8de23aee19492825a5460d9db6198a16c

SHA256
ccb273d3f6f1f30772ad135bc2b938156df894d1eb7d315c2c9d420cb0589617

SHA512
b9dec6457c1ea4d30607e492c514e75c52abf663424b5bf64ae40b1e7ac5cef30b199ae455210ae6ab66575db2366364804065f876c381a4ae6b74e5d14f5b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
3f019d52d803f061a510bca5eedbd580

SHA1
f36b72fe3df3a375d452c778c2641dcf3cb3f30d

SHA256
7537e046059c2eecf2d05651e309a70a553cf35313868b1afd59800a0daff589

SHA512
edab7cf1e2c7a916cc07138ab7595742d3b9de213ddd8d89bb4201c7a62d938d7688ebada34ff5eafa651a1facd87e3daecaded57bf3789910f09bb093c87036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f586.TMP

Filesize
539B

MD5
6ffc5a2c9c24d2eaf80da8c2a2c02a3b

SHA1
b1bc4eaaba6c9f9f89a2d869a1e64502e8bd5e46

SHA256
30e4410690dd889f01009bf04aac36376e2673c6a7e90d55b39dce8a390bcb7f

SHA512
79f791787a58cbc7a822607c4c5bd508191e9454a3898ed4f34ce894a81c356f4c2c52ccb08251e4361677e589431f9081b9d46c641fe3bbbb0310478b312d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c9f769aaf4222c22241678faadb51d05

SHA1
0b39a6f692287ce023c4d26aab26240c6a7881cb

SHA256
2dc7e7a8904c9efad77bb194e72a19d5538aa51d05f500f066597b805272a1e6

SHA512
064d2324371432bd9706bb52d927ad2b720bb98ea5e7b3812328df1125461cbcb6f3b2f56523d55b33a18f550b659810efb63db4823a2c07b45bbc8640e53eec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
07057772e501b2478608aa6b1db4c015

SHA1
fd6a4159fe486a0ee9febba0d82182d7e2f38704

SHA256
4895eb9a86249b7b1f4a20c911e9b76cae28a5234f719d446fd4611a69cfb2e5

SHA512
095cff6ca785d0f6c71dda9a0d5e8c8934ff9e1febd8bb6a536b56821ac5fcc692c38cdd679a81d66d2907819c835c06c9304bc8a6f4820f8c7c00f4af7741c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b97cf728b33298f6cd4536b3c37dcba3

SHA1
84eb51b585f9234d46bd2a5254351ab7b7102825

SHA256
aafeeed368fcc52deed3de404f23b782c295352a705404e182321f8972d52ba1

SHA512
ecdd500af90324b135c2fc7ddddac129ee97ccde5cbc2efdca179e03b3a8914b9890acdc6a6db28b959bd1ac9966b80ef9b2cda59c04f837f96522a016426402

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-267HR.tmp\FreeNetflixDownload.tmp

Filesize
3.1MB

MD5
43ea6b27dfdd1ab52371118c5b074b77

SHA1
0d7b667074430efee546cf456779177867a669dc

SHA256
5d1d30e97ae7e6265eb634222955cd6101886adc312a6fd475872a3a677c5eeb

SHA512
4d13c82571168d4d9cc2cc448cdc0cc4e34b34cb8832d05e538daac9f178f228e6e50887a707845c178b09e962ec271c006be1706d71496140c79c2f911c77d8

Download Submit
memory/1596-6-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/1596-371-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/1596-112-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/1596-10-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/1596-380-0x0000000000400000-0x0000000000720000-memory.dmp

Filesize
3.1MB

Download
memory/3600-0-0x0000000000400000-0x00000000004E6000-memory.dmp

Filesize
920KB

Download
memory/3600-9-0x0000000000400000-0x00000000004E6000-memory.dmp

Filesize
920KB

Download
memory/3600-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/3756-377-0x0000000002DA0000-0x0000000002DA1000-memory.dmp

Filesize
4KB

Download
memory/3756-421-0x000000006E810000-0x000000006E8E8000-memory.dmp

Filesize
864KB

Download
memory/3756-420-0x000000006EB30000-0x000000006EBBF000-memory.dmp

Filesize
572KB

Download
memory/3756-416-0x0000000070510000-0x00000000707F5000-memory.dmp

Filesize
2.9MB

Download
memory/3756-415-0x0000000070800000-0x0000000070AFF000-memory.dmp

Filesize
3.0MB

Download
memory/3756-381-0x00000000009D0000-0x00000000028B8000-memory.dmp

Filesize
30.9MB

Download
memory/3756-417-0x000000006EBC0000-0x0000000070505000-memory.dmp

Filesize
25.3MB

Download
memory/3756-370-0x00000000009D0000-0x00000000028B8000-memory.dmp

Filesize
30.9MB

Download